Cybersecurity for Your Collision Repair Business - BodyShop Business

Cybersecurity for Your Collision Repair Business

Strengthening your business' Web security through strong passwords will ensure that your information stays safe.

Password: fluffy1234. One of our clients asked us to use this for setting up his email, telling us it was the name of his wife’s cat. “Admin” was another client’s request for a username, and he wanted his password to be 1234. Nope! No way, no how! We vigorously refuse to put unsecure passwords in place. “But they’re hard to remember, I have so many of them,” said one business owner. “I just keep them all the same, it makes it easier to keep it all straight,” said another. And that makes it easier for thieves to make life a living nightmare. And if they aren’t thieves, they are, at the very least, vandals.

Real Threats
Consider this a warning shot across your business bow. There are plenty of people out there gunning for weaknesses in website passwords, email passwords and databases with information of value – names, addresses, phone numbers, email and credit card information. How secure are you and your business?

Threats to your cybersecurity are all too real. If you haven’t been impacted by identity theft, hacked emails and websites or data breaches, consider yourself lucky. To protect yourself – and your business – from cybersecurity threats, you need a plan. Here are nine things you need to address:

1. Policies and training: Set up rules and policies to protect your business. Have systems in place, then train employees and set up consequences for non-compliance.

2. Passwords: Strong passwords need to be set up. Here’s a free source for the creation of a highly encrypted password: Some policies to follow include:

  • Don’t use the same password across multiple accounts.
  • Passwords should be at least 15 to 20 characters long and include numbers, upper and lower case letters, and symbols.
  • Don’t use family names, initials, pets, birthdates, addresses, towns or full words in general, phone numbers or mathematical sequences as passwords.
  • Do not permit your browser or FTP client programs to save your passwords. Any password saved in this manner can easily be discovered with a single click using some programming script.
  • Do not access important, password-protected accounts from public computers or someone else’s computer.
  • Change your passwords regularly. Monthly is best, quarterly at the very least.
  • Keep passwords straight using phone apps or an online password management system. PC Magazine suggests the following: KeePass (free, download to your computer),; LastPass (free, cloud-based),; RoboForm Desktop 7 (for one PC), or RoboForm Everywhere 7 (multiple PCs) (from $29.95) Alternatively, save your passwords as plain text, then encrypt them with AES Crypt or AxCrypt.
  • When employees leave the company, change all passwords that person was familiar with.

3. Virus/malware protection: Your computers must have the latest virus and malware protection installed and operating. It must be updated regularly, then have a full scan run after each update.

4. Firewall: A firewall should be set up for your company’s Internet connection. Talk with an IT professional about what that entails.
Firewalls protect your private network data from being breached by outsiders.

5. Mobile device protocol: Mobile devices used by your team can pose significant threats. They may contain confidential information and are frequently used to access company networks. Password protect these devices, and have security apps installed. Encrypt all important data. Devices connecting to public networks at coffee shops, libraries, schools, etc., are particularly vulnerable to attack.

6. Back up data: Nothing is sacred. Back up your data regularly.  Email, documents, spreadsheets, databases, accounting files, HR files, etc., are irreplaceable and should be backed up regularly, preferably automatically. Services like Carbonite or Barracuda are great for this purpose. If you make your own backups, put them on two external drives and keep them in a safe deposit box. Alternate these drives with each backup.

7. Wi-Fi: Secure your company Wi-Fi account with a highly encrypted password, which will help block outsiders from getting into your company network. If you offer a public access point for customers to use, make it separate from your business network.

8. Credit card processing: Work closely with whatever service you use to process credit cards and make sure you’re using the most trusted, validated and anti-fraud system possible. Use an isolated computer for these transactions, not one used for going online.

9. Give limited access: Give access to employees only on a need-to-know basis, only for the processes they use. No person other than the owner should have access to all this information. We call this having the “keys to the castle.” Give these keys to a trusted attorney who’s in charge of the owner’s estate should something happen, with strict instructions that these be given out ASAP to a specific person in the event of the owner’s demise.

Not So Hard

Sure, it’s hard to do all this, but it’s much harder to fix a data breach, undo the damage done by hackers and apologize to customers for their personal information being stolen. Set a goal to get this done before the end of the year.

BSB Contributing Editor Mark Claypool has more than 30 years of experience in the fields of workforce development, apprenticeships, marketing and Web presence management with SkillsUSA, the
I-CAR Education Foundation, Mentors at Work, VeriFacts Automotive and the NABC. He is the CEO of Optima Automotive (, which provides website design, SEO services and social media management services.

You May Also Like

BodyShop Business 2023 Executives of the Year

Greg Solesbee was named the Single-Shop Executive of the Year, and Charlie Drake was named the Multi-Shop Executive of the Year.

For the 39th consecutive year, BodyShop Business has recognized distinguished collision repair facility owners and managers with its Executive of the Year award.

The awards are given to true collision repair “visionaries” — individuals who have experienced great success by being forward-thinking, overcoming challenges and persevering. Winners are selected based on experience, special achievements and involvement within the local community and collision repair industry.

How to Determine the Value of Your Auto Body Shop

Whether you’re looking to sell, expand or transition your shop, understanding the value of your business is essential.

Squad Goals: Empowering Women in Collision Repair

Eight strong, smart, skilled women help Jason Wong guide his two CARSTAR locations in San Francisco.

Body Shop Cleanliness: Spots Are Only Good for Dalmatians

A spotless shop inspires customer confidence and drives excellent performance.

Solid Accounting: The Difference Between Winning and Losing

Wouldn’t it be great to be able to quickly review your financials and know where you’re winning and losing so you can fix the problem immediately?

Other Posts

This Could Be Your Last Text

A sign I saw on the highway that said “This Could Be Your Last Text” reminded me of my son’s recent car wreck.

SUNY Morrisville Auto Body Program Makes Students, Cars Shine 

A 1997 Mustang Cobra is getting the chance to shine again, thanks to students in Alexander Graf’s auto body technology classes.

3 Strategies to Improve Your Insurance Protection

If you’re looking to improve your shop operations and set yourself up for success in 2024, remember these three insurance strategies.

A Scary Moment Reminds Us of the Importance of Proper Collision Repairs

My son’s car wreck reminded me that we literally hold people’s lives in our hands in the collision repair business.